Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties


(OpSec Monkey) #1

Hi everyone. I decided to sign up for this site after troubleshooting my issue and nothing seemed to help.

I installed ELK Stack and Logstash from this website:
http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/setup-elk-stack-ubuntu-16-04.html I followed it step by step.

I created this config file called battlefield

input {
file {
path => "/home/vault/Documents/data_sources/battelfield.csv"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
csv {
separator => ","

 columns => [ "username","hash" ]

}
}
output {
elasticsearch {
action => "index"
hosts => "http://localhost:9200"
index => "data"
workers => 1
}
stdout {}

Sorry about formatting.

Then I run

bin/logstash -f logstash-battlefield.csv

When I run that I get a error message

WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[FATAL] 2017-12-14 15:24:55.063 [main] runner - An unexpected error occurred! {:error=>#<ArgumentError: Path "/usr/share/logstash/data" must be a writable directory. It is not writable.>, :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/settings.rb:439:in `validate'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:222:in `validate_value'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:138:in `validate_all'", "org/jruby/RubyHash.java:1342:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/settings.rb:137:in `validate_all'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:243:in `execute'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:in `run'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:204:in `run'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:in `run'", "/usr/share/logstash/lib/bootstrap/environment.rb:71:in `(root)'"]}

So I check to make sure that the config file is there and it is. so I run it again as SUDO because I am unsure of what that error says.

This is the error I get

WARNING: Could not find logstash.yml which is typically located in $LS_HOME/config or /etc/logstash. You can specify the path using --path.settings. Continuing using the defaults
Could not find log4j2 configuration at path /usr/share/logstash/config/log4j2.properties. Using default config which logs errors to the console
[FATAL] 2017-12-14 15:26:22.502 [LogStash::Runner] runner - Logstash could not be started because there is already another instance using the configured data directory.  If you wish to run multiple instances, you must change the "path.data" setting.

I checked to make sure that the logstash.yml is in etc/logstash and it is there is a conf.d and a logstash.yml

Can someone please tell me what I am doing wrong? This is my first time using this.


(Magnus B├Ąck) #2

Here's the error:

[FATAL] 2017-12-14 15:26:22.502 [LogStash::Runner] runner - Logstash could not be started because there is already another instance using the configured data directory. If you wish to run multiple instances, you must change the "path.data" setting.

You probably have a leftover lock file in the data directory.


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.